IIS 8.5: Virtual Account for App Pool (IIS AppPool\{Application Pool Name} is not available

KPhillipson picture KPhillipson · Aug 7, 2014 · Viewed 20.2k times · Source

I am running IIS 8.5 on a Windows 2012 R2 Core box. I created a new application pool called "MyNewAppPool". I have a website instance, called "MyNewWebsite.com" running in the "MyNewAppPool" application pool. The Identity used for "MyNewAppPool" is "ApplicationPoolIdentity".

It is my understanding that I can assign security permissions for application pools in IIS 8.5 by using the auto-generated local virtual accounts, which will be named "IIS AppPool\{Application Pool Name}".

So, in Windows Explorer on the "MyNewWebsite.com" directory, I should be able to assign read/write permissions for the virtual user account "IIS AppPool\MyNewAppPool". I cannot find this user account to assign any permissions to. I am searching the local computer location and not the whole domain. I can find the "IIS AppPool\DefaultAppPool" account, however I don't want to run MyNewWebsite.com under the DefaultAppPPool, I want to run it under the MyNewAppPool application pool.

Can anyone please tell me why I don't can't find the auto-generated virtual account for MyNewAppPool?

Answer

Kev picture Kev · Aug 9, 2014

You won't ever find the synthesised application pool identity in the permissions search dialogue. Just type in the name of the pool identity like this:

Via GUI:

enter image description here

The click the Check Names button:

enter image description here

Via Command Line:

Alternatively you can use ICACLS from an administrator command line/Powershell:

icacls c:\wwwroot\mysite /grant "IIS AppPool\MyNewAppPool":(CI)(OI)(M)